On Tue, 2006-04-11 at 00:04 -0400, Tim Largy wrote: > I have two Samba shares on my FC5 box. After upgrading FC3 -> FC5, my > Windows machine couldn't access either of my Samba shares. The first > share is a subdirectory of my home directory, e.g. /home/me/share. The > second share is /somewhere/else. I got my first share working again by > doing the following: > > # whoami > root > # chcon -Rt samba_share_t /home/me/share > # togglesebool samba_enable_home_dirs > # service smb restart > > I understand the above isn't a permanent solution because at the next > reboot or relabeling, I would have to enter those commands again, but > I'm not concerned about that right now. Let's address it anyway. There is no need to change the context type of your home directory (or subdirectory of it) to samba_share_t. According to "man samba_selinux", setting the samba_enable_home_dirs boolean will enable samba sharing of home directories, and there's no need for a context change. So you can change the context back using: # chcon -Rt user_home_t /home/me/share In order to make this setting survive a reboot, you can do: # setsebool -P samba_enable_home_dirs 1 There will be no need to worry about a relabel because you will not have changed any contexts from the default. > What I want to do is get my > second share working; I tried doing this: > > # chcon -Rt samba_share_t /somewhere/else > # service smb restart > > but that wasn't sufficient. Potentially relevant information about > this share is that it is set up in /etc/samba/smb.conf like this: > > [public] > path = /somewhere/else > public = yes > only guest = yes > writable = yes > printable = no > > Any advice on how to get it working again? I'd like to know where /somewhere/else actually is before answering that. Changing the context of something that *should* have some other specific context might break things in an unexpected way. If you've set up some area specifically for sharing data, like for instance /srv/public (using directories under /srv is a good place for this sort of thing), you can do: # chcon -Rt public_content_rw_t /srv/public The "public content" type is readable by a variety of different servers such as samba, httpd, ftpd, rsync etc. You can select which one(s) of them is/are allowed to write to the area using a separate boolean for each. So for samba, you'd use: # setsebool -P allow_smb_anon_write 1 Paul. Paul.
